“The best of times, the worst of times – Charles Dickens. 5G is similar situation for operators today. 5G opens debate different from 3G. Today we don’t have answers to 5G – how is it going to evolve? New use cases for operators given the investment in 3G/4G. Software and security is largely ignored in 3G/4G.”
This was the opening address of Ajay Sunder, vice president – Telecom for Frost & Sullivan at the recently concluded Executive MindXchange co-hosted by A10 Networks. Speaking on the opportunities and challenges facing the telecom industry in 2018 and beyond, Sunder concede that 5G introduces changes like speed bump, connection density, latency, volume density and mobility.
While he concludes that 5G will eliminate the limitations of current networks – become a thing of the past as he called it – he cautions three parameters of 5G important that service providers cannot take in isolation: 1ms latency, 100 Gbps peak throughput and 1 Gbps user experience, and 1 million connections.
He warned of the complexity of the 5G IT/OT converged intelligence era. “Security has been ignored in 4G and earlier. In 5G this needs to change. The convergence of operational technology (OT) and information technology (IT) creates security challenges – automating and scaling the network with enhanced security for the new use cases. He used the example of a 5G device becoming a vector for launching attacks.
Enterprises looking at 5G present security problems: disparate network configurations (implication of automation), application centricity (disparate solutions and approaches from vendors. Prospective 5G carriers face their own set of challenges including changes to mobile network operator’s (MNO) operations, higher costs than 4G network, security in the converged 5G ecosystem, and as yet to be determined overall investments required to deliver true 5G service.
In describing a future he called connected intelligence, Lee Chen, founder and CEO of A10 Networks, concedes that security configurations today vary according to the responsibility of the person or department. There is very little sharing among departments. This situation complicates the ability of the industry to provide a truly secure environment for providers, their enterprise customers, and consumers.
“We are at early stage of 5G. In the US alone, mobile operators are earmarking as much as $100 billion for their 5G deployment roadmap spanning the next three years," Chen said.
"With the proliferation of the Internet of Things (IoT) and with as many as 1 billion 5G devices by 2023, 5G will see a tenfold increase in data speeds. 5G security must be part of the strategy,” he advised.
In an exclusive with Telecom Asia, Chen said 5G opens up a great superhighway for [cyber] attackers. The threat of weaponized IoT attacks is real as attackers learn how to propagate DDoS attacks using connected devices.
Elaborating on this emerging trend, Yasir Liaqatullah, senior director of product management at A10 Networks, noted that mobile networks are rapidly evolving and with these changes, come vulnerability.
“Until recently, the Gi-LAN connecting the (Evolved Packet Core) EPC to the internet was considered to be the most vulnerable part of the service provider network and was protected via Gi-Firewall and anti-DDoS systems. The rest of the EPC links were considered difficult targets for hackers because advanced vendor-specific knowledge was required for a successful attack. Since the typical hacker prefers a soft target, defensive measures weren’t a priority for developers or carriers. Network complexity was a defense in itself,” he explained.
“However, the requisite know-how to attack EPC from other interfaces is now becoming much more common. The mobile endpoints are being infected at an alarming rate, and this means that attacks can come in from the inside of the network. The year 2016 saw a leap in malware attacks, including headline-makers Gooligan, Pegasus, and Viking Horde. Then the first quarter of 2017 saw a leap in mobile ransomware attacks, which grew by 250%.
“The need for securing the EPC is tied to advances like LTE adoption and the rise of IoT, which are still gaining speed. LTE networks grew to 647 commercial networks in 2017, with another 700 expected to launch this year. With the adoption of LTE, IoT has become a reality—and a significant revenue stream for enterprises, creating a market expected to reach $561.04 billion by 2022. The time to take a holistic approach to secure the service provider networks has arrived.”
With 5G, the threat potential escalates further. He lists a number of emerging trends including eMBB, ultra-reliable low latency communication, and the massive machine type communication that use high data rates.
“All of these are attracting security threats. Already we are seeing a 125% rise in attacks year-on-year. Attacks are coming from radio access networks (RAN) or Peer Network that target Mobility Management Entity (MME), Packet Data Network Gateway (PGW) elements of the Evolved Packet Core (EPC),” he enumerated.
He revealed that 5G exposes many more use cases of threats as compared to 3G and 4G. He agreed with both Sunder and Chen that “5G enables massive numbers of [connected] IoT devices – for example, cameras and sensors – all of these are connected to the internet. Each device can become a zombie or bot which can attack the ISP or somebody else in the world. Features like ultra-reliable, low latency solutions are a critical component of the 5G service. In a use case such as emergency services, inducing a delay using IoT or some other attack on the network, the situation can become a life or death situation. In the 4G world, this could well be just an inconvenience,” explained Liaqatullah.